Allow only members of Wheel group to use su command on RHEL/CentOS

In this tutorial we will learn how to allow only members of the wheel group to use the su command. This means only members of the wheel group can switch to another user by using su. In Red Hat based operating systems, wheel is a special administrative group.

To allow only members of the wheel group to use the su command, follow the steps given below.

In this method, we will edit the PAM file.

Step 1: Add users to the wheel group by using the usermod command. Select only those users whom you want to allow to use the su command.

Syntax:

usermod -a -G wheel username

For example, we are adding user sharad to the group called wheel:

[root@localhost ~]# usermod -a -G wheel sharad
[root@localhost ~]# id sharad
uid=500(sharad) gid=500(sharad) groups=500(sharad),10(wheel)
[root@localhost ~]# 

Step 2: Edit the /etc/pam.d/su file. We suggest you also take a backup of the /etc/pam.d/su file, on your Desktop or some other path on the system.

Taking backup of /etc/pam.d/su file

cp -p /etc/pam.d/su /root/etc-pamd-su

Editing /etc/pam.d/su file

Uncomment the line given below in /etc/pam.d/su

auth		required	pam_wheel.so use_uid

[Screenshot: /etc/pam.d/su after editing. Reference: /etc/pam.d/su file edited in operating system CentOS 6.5.]

su command

In the section given below, the user called test is not able to use the su command. The reason is that user test is not a member of the wheel group.

[test@localhost ~]$ id test
uid=501(test) gid=501(test) groups=501(test)
[test@localhost ~]$ 
[test@localhost ~]$ su
Password: 
su: incorrect password
[test@localhost ~]$ 
[test@localhost ~]$ su -l sharad
Password: 
su: incorrect password
[test@localhost ~]$ 
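To confirm that the Step 2 edit is actually in effect, the check below reports whether a PAM su file contains the pam_wheel line active, still commented out, or not at all. It is an added example and not part of the original tutorial; the function names and the sample files are constructed for illustration, and on a real host you would pass /etc/pam.d/su as the argument.

```shell
#!/bin/sh
# Added example: report whether a PAM su file carries the wheel-only rule
#   auth required pam_wheel.so use_uid
# wheel_su_status FILE prints one of: enforced | commented | missing

wheel_su_status() {
    rule='auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+use_uid[[:space:]]*$'
    if grep -Eq "^[[:space:]]*${rule}" "$1"; then
        echo enforced      # line is active (uncommented)
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${rule}" "$1"; then
        echo commented     # line exists but is still commented out
    else
        echo missing       # no line matching the tutorial's rule
    fi
}

# Constructed sample files (not copied from a real host), written to a temp dir.
# $1 = output path, $2 = prefix placed before the pam_wheel line ("" or "#")
write_sample() {
    printf '%s\n' \
        '#%PAM-1.0' \
        'auth        sufficient  pam_rootok.so' \
        "${2}auth        required    pam_wheel.so use_uid" \
        'auth        include     system-auth' > "$1"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/su.edited" ''       # after Step 2
write_sample "$demo_dir/su.unedited" '#'    # line left commented
printf '%s\n' '#%PAM-1.0' 'auth include system-auth' > "$demo_dir/su.none"

for f in su.edited su.unedited su.none; do
    printf '%s: %s\n' "$f" "$(wheel_su_status "$demo_dir/$f")"
done
```

Pair this with `getent group wheel` to review which accounts the rule will let through.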
